The Four Requirements of HIPAA Compliant Text Messaging

Secure email provider

Physicians and other healthcare providers need to be in constant contact with each other. While secure texting apps have made it easy for doctors and other healthcare team members to communicate quickly and efficiently, these secure text apps run into problems with privacy regulations, like the Health Insurance Portability and Accountability Act (HIPAA).

Firstly, these secure text apps contain electronic protected health information (ePHI) that’s only legally privy to certain persons, yet can be read by anyone, can be forwarded to anyone, and remains unencrypted on servers, where unauthorized third parties can access it.

Thankfully, mobile app developers have recognized the healthcare industry’s need for a means of real time communication that also complies with privacy laws, and have created HIPAA compliant text messaging apps.

In order to comply with HIPAA, these apps must meet four requirements.

Physical Security.

Healthcare organizations will either store their electronic medical data — including texts — in onsite servers or in offsite data centers that utilize the cloud. In order to comply with HIPAA, these servers and data centers need to be physically secure.

Encrypted Data.

Besides needing to be physically secure, these servers and data centers need also to be electronically secure. They need to encrypt any and all ePHI, whether it’s outgoing, inbound, or at rest.

Recipient Authentication.

What happens if a secure text is sent to Jon Smith, instead of John Smith? Even though the text was encrypted on a physically secure server, it still broke HIPAA regulations. In order to avoid such situations, HIPAA compliant secure text apps need have recipient authentication protocols that let the sender know if, when, and to whom a message was sent.


The last requirement for HIPAA compliance is the ability to create an audit trail that records any and all communication containing ePHI. This means being able to archive every message, to retrieve the messages, and to monitor the entire system.

If you have any questions about secure text messaging for healthcare providers, feel free to ask in the comments. Good refereneces.

About: Technology

Follow by Email